Daily Tutor

Security checks across malware telemetry and agentic risk

Overview

This is a local study helper that reads a configured lesson list and records progress, with an optional quiz service integration that users should enable carefully.

Install only if you are comfortable keeping study progress in the skill folder. Avoid putting private or sensitive material in data/data.json unless you are comfortable with it being copied into learned_items.json, and enable Quizbuild only if you accept sending quiz material to that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a Python script and documents reading from `data/data.json` and writing progress to `data/learned_items.json`, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: the orchestrator or reviewer may underestimate the skill’s ability to access and modify local files, which can lead to unintended data exposure or tampering if the skill is invoked automatically.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The example invocation is broad and conversational enough that an agent may match it during normal chat, causing the skill to activate unexpectedly. In this skill, unintended activation is riskier because it can trigger access to locally stored learning data and, if configured, send that content to the external Quizbuild service for quiz generation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README encourages use of an external Quizbuild service to generate quizzes from the user's daily items, but it does not clearly warn that those learning items may be transmitted to a third party. Because the skill supports arbitrary data structures, users may place sensitive or personal study content in the dataset without realizing it could leave the local environment.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description uses broad trigger language such as "daily lesson" and "new learning content" across "any subject," which can cause the skill to be selected for a wide range of generic educational requests. Over-broad invocation increases the chance the skill runs in contexts where file-backed state changes are unnecessary or unexpected, expanding exposure to its read/write behavior and reducing user intent fidelity.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The "When to Use" section contains ambiguous conditions like requests for a "daily lesson" or when a cron job asks for new items, without clear checks that the user has configured local study data or expects persistent progress tracking. In context, this matters because the skill is stateful and writes learned-item progress, so accidental invocation can disclose or alter local study records without sufficiently specific user intent.

VirusTotal

64/64 vendors flagged this skill as clean.
